Capital One Eno
-
- Posts: 680
- Joined: Tue Jun 13, 2017 6:09 pm
Capital One Eno
Anyone using this virtual credit card facility? I tried to get it working but it refuses to recognize my mobile number. I suspect that is because the number is actually my work phone, I don't own a personal phone.
Re: Capital One Eno
Old thread, but hey it's only one post.
I love Capital One Eno. It took me a while to get the hang of it, though.
What is it?
If you have a Capital One credit card, this browser extension called Eno will help you create virtual credit card numbers on the fly. Ultimately, your real card will be charged, but without your ever having entered the digits you see on your physical card. I don't remember if you can get it in other browsers (edit: yes, here's the firefox one), but in Chrome, you install this extension and then you see a button near the top right of the browser, forever.
When you're on the page of a merchant or charity site, you click the button and log in. Log in as if you're logging into Cap One's official site to look at statements. You get the option to either create a virtual card on the fly for this vendor or to find one that you already created. A card number that you created to pay Amazon is NOT going to work at the Salvation Army. This is what makes it safe.
What I'm wondering, though, is does it really help protect against fraud? Most of the websites that I dare to use a card with already have good security. And, if someone wants to commit fraud, there are many ways to pilfer your number that don't involve intercepting data from your online purchases.
For me, it's just convenient. I can log in without retrieving a card from my wallet or desk.
I love Capital One Eno. It took me a while to get the hang of it, though.
What is it?
If you have a Capital One credit card, this browser extension called Eno will help you create virtual credit card numbers on the fly. Ultimately, your real card will be charged, but without your ever having entered the digits you see on your physical card. I don't remember if you can get it in other browsers (edit: yes, here's the firefox one), but in Chrome, you install this extension and then you see a button near the top right of the browser, forever.
When you're on the page of a merchant or charity site, you click the button and log in. Log in as if you're logging into Cap One's official site to look at statements. You get the option to either create a virtual card on the fly for this vendor or to find one that you already created. A card number that you created to pay Amazon is NOT going to work at the Salvation Army. This is what makes it safe.
What I'm wondering, though, is does it really help protect against fraud? Most of the websites that I dare to use a card with already have good security. And, if someone wants to commit fraud, there are many ways to pilfer your number that don't involve intercepting data from your online purchases.
For me, it's just convenient. I can log in without retrieving a card from my wallet or desk.
Last edited by linenfort on Tue May 14, 2019 3:02 pm, edited 3 times in total.
Re: Capital One Eno
It's been great !! Currently i use it at over 50 sites.
I close that # as soon as I finish the purchase. Then re-open
when I wish to make another purchase. Monthly sites
I leave open. This is far more secure than just using
my one c.c. number at 50 different sites.
Great idea. Should have been implemented years ago.
I close that # as soon as I finish the purchase. Then re-open
when I wish to make another purchase. Monthly sites
I leave open. This is far more secure than just using
my one c.c. number at 50 different sites.
Great idea. Should have been implemented years ago.
Re: Capital One Eno
Yes it really does help. For one thing, you can close that number at any time.linenfort wrote: ↑Tue May 14, 2019 2:58 pm Old thread, but hey it's only one post.
I love Capital One Eno. It took me a while to get the hang of it, though.
What is it?
What I'm wondering, though, is does it really help protect against fraud? Most of the websites that I dare to use a card with already have good security. And, if someone wants to commit fraud, there are many ways to pilfer your number that don't involve intercepting data from your online purchases.
For me, it's just convenient. I can log in without retrieving a card from my wallet or desk.
Even if it is left open; that c.c. # can ONLY be used at that one site. It cuts
down quite a bit on its usefulness to scammers.
Re: Capital One Eno
Yes I suppose. Not to sound cynical, but it is also a good way for the bank to collect data on your surfing habits even when you're not using the card.
Still, I've been in the habit of using it for years and I will continue to do so. When I tried to make a library donation recently with the same virtual card I'd used last month to buy tickets for an event at the same library, it didn't work. I thought, "Well, good. This is a feature, not a bug."
Still, I've been in the habit of using it for years and I will continue to do so. When I tried to make a library donation recently with the same virtual card I'd used last month to buy tickets for an event at the same library, it didn't work. I thought, "Well, good. This is a feature, not a bug."
Re: Capital One Eno
I close it as soon as I make the purchase. It only views my surfing habits during the purchase (which it would anyway).linenfort wrote: ↑Tue May 14, 2019 3:07 pm Yes I suppose. Not to sound cynical, but it is also a good way for the bank to collect data on your surfing habits even when you're not using the card.
Still, I've been in the habit of using it for years and I will continue to do so. When I tried to make a library donation recently with the same virtual card I'd used last month to buy tickets for an event at the same library, it didn't work. I thought, "Well, good. This is a feature, not a bug."
Re: Capital One Eno
I use Eno too, but I don't use it everywhere. For Amazon, Apple, etc., I use my preferred credit card directly. But if I'm paying for a subscription, buying lawn mower parts online from a store in Tennessee*, or putting in a credit card number for a free trial**, I will use Eno. I can restrict the purchase to that vendor, restrict the amount, and turn it off after use. If a subscription or trial proves difficult or impossible to cancel, then they're still out of luck getting payment.
* Prior to Eno, I may have had a different, seldom-used credit card number stolen after using it to buy lawn mower parts from a store online. It was a legitimate store, and I received the parts. But the card number was cloned a few weeks later.
** I am usually careful to check on cancellation methods now before taking advantage of a discount or trial subscription, but I like to have backup just in case. I don't want to find out after subscribing to a French newspaper that canceling requires an international phone call during French business hours. For what it's worth, lefigaro.fr has an email address for cancellation requests. I emailed customer service to confirm that a couple of years ago before starting a heavily-discounted, limited-term subscription. I emailed my cancellation request before the normal 9.90 € per month price kicked in.
* Prior to Eno, I may have had a different, seldom-used credit card number stolen after using it to buy lawn mower parts from a store online. It was a legitimate store, and I received the parts. But the card number was cloned a few weeks later.
** I am usually careful to check on cancellation methods now before taking advantage of a discount or trial subscription, but I like to have backup just in case. I don't want to find out after subscribing to a French newspaper that canceling requires an international phone call during French business hours. For what it's worth, lefigaro.fr has an email address for cancellation requests. I emailed customer service to confirm that a couple of years ago before starting a heavily-discounted, limited-term subscription. I emailed my cancellation request before the normal 9.90 € per month price kicked in.
Re: Capital One Eno
I know about restricting to one vendor and turning off after use; but I don't know how to restrict the amount of each virtual card?jhfenton wrote: ↑Fri May 17, 2019 9:31 am I use Eno too, but I don't use it everywhere. For Amazon, Apple, etc., I use my preferred credit card directly. But if I'm paying for a subscription, buying lawn mower parts online from a store in Tennessee*, or putting in a credit card number for a free trial**, I will use Eno. I can restrict the purchase to that vendor, restrict the amount, and turn it off after use. If a subscription or trial proves difficult or impossible to cancel, then they're still out of luck getting payment.
Re: Capital One Eno
seems like a whole lot of hassle for something that is already zero liability.
Re: Capital One Eno
Not in Eno. Citibank Virtual Account Numbers, however do allow you to limit the dollar amount.Rob5TCP wrote: ↑Fri May 17, 2019 10:19 amI know about restricting to one vendor and turning off after use; but I don't know how to restrict the amount of each virtual card?jhfenton wrote: ↑Fri May 17, 2019 9:31 am I use Eno too, but I don't use it everywhere. For Amazon, Apple, etc., I use my preferred credit card directly. But if I'm paying for a subscription, buying lawn mower parts online from a store in Tennessee*, or putting in a credit card number for a free trial**, I will use Eno. I can restrict the purchase to that vendor, restrict the amount, and turn it off after use. If a subscription or trial proves difficult or impossible to cancel, then they're still out of luck getting payment.
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. |
(Avatar is the statue of Gen. Warren atop Little Round Top @ Gettysburg National Military Park.)
Re: Capital One Eno
Eno seems to be really well thought out. Although I don't use it really often, I really like the feature that pops up to let me use a virtual number whenever I'm about to buy something on-line.
As others have stated, one of the primary things to use this for is things that you want to have some control over renewal of subscriptions. You start a subscription with an Eno virtual charge number, then immediately turn off that number so it can't be used again. Problem solved.
I got interested in Eno when I had a >$4K fraudulent charge on one of my other cards. The crook had the CC #, the expiration date, CVV, our home address, and even my wife's cell phone number. I was certain that some on-line vendor was the source, but no way to know which one. My thought was to use a separate Eno virtual number for each on-line vendor that we dealt with. That way when such a thing happened again, it should be easy to see which vendor is responsible. The only slight problem is that when you look at your on-line transactions or bill you can't tell which Eno # was used. I'm sure Capital One has access to that data though, so if it does happen we can track it down.
I just wish some of my more favorite rewards cards (Chase Sapphire, Fidelity 2% Visa) had such a feature. As it is I'm forced to make the choice between good rewards or the virtual # feature.
As others have stated, one of the primary things to use this for is things that you want to have some control over renewal of subscriptions. You start a subscription with an Eno virtual charge number, then immediately turn off that number so it can't be used again. Problem solved.
I got interested in Eno when I had a >$4K fraudulent charge on one of my other cards. The crook had the CC #, the expiration date, CVV, our home address, and even my wife's cell phone number. I was certain that some on-line vendor was the source, but no way to know which one. My thought was to use a separate Eno virtual number for each on-line vendor that we dealt with. That way when such a thing happened again, it should be easy to see which vendor is responsible. The only slight problem is that when you look at your on-line transactions or bill you can't tell which Eno # was used. I'm sure Capital One has access to that data though, so if it does happen we can track it down.
I just wish some of my more favorite rewards cards (Chase Sapphire, Fidelity 2% Visa) had such a feature. As it is I'm forced to make the choice between good rewards or the virtual # feature.
- CommitmentDevice
- Posts: 274
- Joined: Tue Apr 02, 2019 3:25 am
Re: Capital One Eno
In a 2 year period, my card was compromised 3 times. Since the chip and virtual card #'s;
I've not had one compromised card. I am not worried about the liability; it's the hassle
of replacing a card multiple times. It's just better security.
Re: Capital One Eno
Can you configure the virtual numbers to be single use only? If so, would be useful for sites that require a CC for free trials or purchases from random ecommerce sites.
Re: Capital One Eno
You're right. I was thinking of Privacy, which allows you to set the amount. Privacy, though, links the virtual cards to your checking account, so I haven't used it since I discovered Eno.samsoes wrote: ↑Fri May 17, 2019 10:42 amNot in Eno. Citibank Virtual Account Numbers, however do allow you to limit the dollar amount.Rob5TCP wrote: ↑Fri May 17, 2019 10:19 amI know about restricting to one vendor and turning off after use; but I don't know how to restrict the amount of each virtual card?jhfenton wrote: ↑Fri May 17, 2019 9:31 am I use Eno too, but I don't use it everywhere. For Amazon, Apple, etc., I use my preferred credit card directly. But if I'm paying for a subscription, buying lawn mower parts online from a store in Tennessee*, or putting in a credit card number for a free trial**, I will use Eno. I can restrict the purchase to that vendor, restrict the amount, and turn it off after use. If a subscription or trial proves difficult or impossible to cancel, then they're still out of luck getting payment.
Not automatically, but you can lock a number immediately after initial use or authorization.
Re: Capital One Eno
There is only so far I'm willing to go to protect the issuing bank's money.
Generating single-use credit card numbers is way beyond what I am agreeing to do when I accept a credit card.
Generating single-use credit card numbers is way beyond what I am agreeing to do when I accept a credit card.
Re: Capital One Eno
I know this is an old thread, but I just discovered something interesting with Capital One virtual numbers.
I've got a SiriusXM subscription for a car. As has been discussed on the BH forum many times, SiriusXM is pretty obnoxious about trying to really hose you with an automatic renewal. My annual subscription is always something close to one-third of what they will automatically re-up me for. As a result, I have to remember to call a couple of days before the subscription runs out and fight them for another year.
This year I decided to use one of the Capital One virtual numbers, and then lock it after the subscription got charged. That way if I forget and they try and renew me automatically at the "nobody pays this" price, the card will be declined. They would then send me an email and I could do the negotiation.
Well, it didn't work. The SiriusXM agent tried several times, but the card came back as declined each time. I made sure I got the number right from my Capital One account, and that I had the number unlocked. So I call Capital One and the CSR took forever to just understand what I was doing. Finally she understood, and said I can't use any of the virtual numbers except on-line. No purchase over the phone will ever be approved.
That's really too bad. Because of the dance SiriusXM makes you go through, it will always be a telephone purchase.
I've got a SiriusXM subscription for a car. As has been discussed on the BH forum many times, SiriusXM is pretty obnoxious about trying to really hose you with an automatic renewal. My annual subscription is always something close to one-third of what they will automatically re-up me for. As a result, I have to remember to call a couple of days before the subscription runs out and fight them for another year.
This year I decided to use one of the Capital One virtual numbers, and then lock it after the subscription got charged. That way if I forget and they try and renew me automatically at the "nobody pays this" price, the card will be declined. They would then send me an email and I could do the negotiation.
Well, it didn't work. The SiriusXM agent tried several times, but the card came back as declined each time. I made sure I got the number right from my Capital One account, and that I had the number unlocked. So I call Capital One and the CSR took forever to just understand what I was doing. Finally she understood, and said I can't use any of the virtual numbers except on-line. No purchase over the phone will ever be approved.
That's really too bad. Because of the dance SiriusXM makes you go through, it will always be a telephone purchase.
Re: Capital One Eno
I've call and gotten "promo" rates ever since I bought my 2008 Saturn. About 8 years ago I stopped paying SiriusXM using a credit card and pay an invoice, using a check. When I first switched to an invoice, IIRC they charges me an additional $1 or $2 invoice fee. However, I think they recently dropped that extra charge. In any case, I'm happy to pay an extra few bucks every 6 or 12 months just to avoid giving them my cc#.Horsefly wrote: ↑Mon Oct 07, 2019 4:03 pm I know this is an old thread, but I just discovered something interesting with Capital One virtual numbers.
I've got a SiriusXM subscription for a car. As has been discussed on the BH forum many times, SiriusXM is pretty obnoxious about trying to really hose you with an automatic renewal. My annual subscription is always something close to one-third of what they will automatically re-up me for. As a result, I have to remember to call a couple of days before the subscription runs out and fight them for another year.
This year I decided to use one of the Capital One virtual numbers, and then lock it after the subscription got charged. That way if I forget and they try and renew me automatically at the "nobody pays this" price, the card will be declined. They would then send me an email and I could do the negotiation.
Well, it didn't work. The SiriusXM agent tried several times, but the card came back as declined each time. I made sure I got the number right from my Capital One account, and that I had the number unlocked. So I call Capital One and the CSR took forever to just understand what I was doing. Finally she understood, and said I can't use any of the virtual numbers except on-line. No purchase over the phone will ever be approved.
That's really too bad. Because of the dance SiriusXM makes you go through, it will always be a telephone purchase.
Re: Capital One Eno
I was really not trying to change this into a thread about SiriusXM. Consistent with the thread, my point was just that you apparently can't use the Eno / virtual card numbers for anything other than on-line purchases. That was not disclosed by Capital One, and - in my mind - is a negative on the Capital One offering.neilpilot wrote: ↑Mon Oct 07, 2019 5:04 pm I've call and gotten "promo" rates ever since I bought my 2008 Saturn. About 8 years ago I stopped paying SiriusXM using a credit card and pay an invoice, using a check. When I first switched to an invoice, IIRC they charges me an additional $1 or $2 invoice fee. However, I think they recently dropped that extra charge. In any case, I'm happy to pay an extra few bucks every 6 or 12 months just to avoid giving them my cc#.
- JAZZISCOOL
- Posts: 2658
- Joined: Sat May 18, 2019 11:49 am
- Location: Colorado - 5,700 ft.
Re: Capital One Eno
Good to know. I used ENO recently for the first time for a similar problem with an online digital newspaper subscription (problem with renewing me at much higher rates.) I locked it recently so it will be interesting to see if it worked.Horsefly wrote: ↑Mon Oct 07, 2019 10:32 pmI was really not trying to change this into a thread about SiriusXM. Consistent with the thread, my point was just that you apparently can't use the Eno / virtual card numbers for anything other than on-line purchases. That was not disclosed by Capital One, and - in my mind - is a negative on the Capital One offering.neilpilot wrote: ↑Mon Oct 07, 2019 5:04 pm I've call and gotten "promo" rates ever since I bought my 2008 Saturn. About 8 years ago I stopped paying SiriusXM using a credit card and pay an invoice, using a check. When I first switched to an invoice, IIRC they charges me an additional $1 or $2 invoice fee. However, I think they recently dropped that extra charge. In any case, I'm happy to pay an extra few bucks every 6 or 12 months just to avoid giving them my cc#.
-
- Posts: 2843
- Joined: Wed Feb 12, 2014 9:58 pm
Re: Capital One Eno
It's certainly not mandatory. But it is MUCH less hassle than dealing with fraud or overzealous autorenewals (e.g. Sirius) with your credit card. It's a very nice option to have, and sets Capital One apart, especially when Amex, Discover, and Bank of America have terminated similar programs. Citi and Capital One are the only major usa issuers left with virtual numbers, and Capital One's implementation is quite easy to use.
-
- Posts: 2843
- Joined: Wed Feb 12, 2014 9:58 pm
Re: Capital One Eno
You have to be at a merchant website to generate the number for that merchant website. If you try to generate a number at a website and then use the number elsewhere (another website, or phone, or in person, etc. the attempt is blocked.Horsefly wrote: ↑Mon Oct 07, 2019 10:32 pmI was really not trying to change this into a thread about SiriusXM. Consistent with the thread, my point was just that you apparently can't use the Eno / virtual card numbers for anything other than on-line purchases. That was not disclosed by Capital One, and - in my mind - is a negative on the Capital One offering.neilpilot wrote: ↑Mon Oct 07, 2019 5:04 pm I've call and gotten "promo" rates ever since I bought my 2008 Saturn. About 8 years ago I stopped paying SiriusXM using a credit card and pay an invoice, using a check. When I first switched to an invoice, IIRC they charges me an additional $1 or $2 invoice fee. However, I think they recently dropped that extra charge. In any case, I'm happy to pay an extra few bucks every 6 or 12 months just to avoid giving them my cc#.
Re: Capital One Eno
Every month I use it at more and more sites. AMX had a one use C.C. for years and for some reason discontinued it.
This is the best option I've found. I would love to be able to use it at the few places that I give a c.c. over the phone,
but that is not an option. Still this is way more secure than every website having my actual c.c. #.
Currently I am up to 60+ sites that I use this.
This is the best option I've found. I would love to be able to use it at the few places that I give a c.c. over the phone,
but that is not an option. Still this is way more secure than every website having my actual c.c. #.
Currently I am up to 60+ sites that I use this.
Re: Capital One Eno
My wife uses it for her online shopping. No issues at all so far.
Stocks-80% || Bonds-20% || Taxable-VTI/VXUS || IRA-VT/BNDW
Re: Capital One Eno
I should probably use it more places, but I generally go to the trouble only with subscription services that have problematic auto-renewal policies or with merchants that I am a bit suspicious of.
This past weekend, I ordered two pair of Nike clearance running shoes from a retailer that I hadn't heard of before. I fired up Eno, placed the order, and then deactivated the number. Worst case is that I don't get the shoes (or get counterfeit shoes) and then dispute the charge. I'm at no risk of having to get a replacement card because my main number is in the wild.
This past weekend, I ordered two pair of Nike clearance running shoes from a retailer that I hadn't heard of before. I fired up Eno, placed the order, and then deactivated the number. Worst case is that I don't get the shoes (or get counterfeit shoes) and then dispute the charge. I'm at no risk of having to get a replacement card because my main number is in the wild.
Re: Capital One Eno
The biggest issue with Eno - they don’t show you the virtual card with which the charges on your account are associated.
So you set this up for a couple dozen different sites, one of them gets compromised, now you can’t tell which number is the one you have to shut down. When you call in about the fraud, they issue you a new physical card (and number), the virtual numbers all get remapped to the new physical card number, but the fraudulent charges keep rolling in until you find the right virtual number to remove through process of elimination. On Reddit there were several threads that even the fraud customer service reps weren’t able to assist with identifying which virtual number the charges were coming in on.
So you set this up for a couple dozen different sites, one of them gets compromised, now you can’t tell which number is the one you have to shut down. When you call in about the fraud, they issue you a new physical card (and number), the virtual numbers all get remapped to the new physical card number, but the fraudulent charges keep rolling in until you find the right virtual number to remove through process of elimination. On Reddit there were several threads that even the fraud customer service reps weren’t able to assist with identifying which virtual number the charges were coming in on.
- JAZZISCOOL
- Posts: 2658
- Joined: Sat May 18, 2019 11:49 am
- Location: Colorado - 5,700 ft.
Re: Capital One Eno
Thanks for posting this. I've only used ENO once so far but good to know for the future! Maybe that is why the other cards like AMEX have stopped issuing virtual #'s possibly.SpaethCo wrote: ↑Wed Oct 09, 2019 9:29 pm The biggest issue with Eno - they don’t show you the virtual card with which the charges on your account are associated.
So you set this up for a couple dozen different sites, one of them gets compromised, now you can’t tell which number is the one you have to shut down. When you call in about the fraud, they issue you a new physical card (and number), the virtual numbers all get remapped to the new physical card number, but the fraudulent charges keep rolling in until you find the right virtual number to remove through process of elimination. On Reddit there were several threads that even the fraud customer service reps weren’t able to assist with identifying which virtual number the charges were coming in on.
Re: Capital One Eno
JAZZISCOOL wrote: ↑Wed Oct 09, 2019 9:40 pmThanks for posting this. I've only used ENO once so far but good to know for the future! Maybe that is why the other cards like AMEX have stopped issuing virtual #'s possibly.SpaethCo wrote: ↑Wed Oct 09, 2019 9:29 pm The biggest issue with Eno - they don’t show you the virtual card with which the charges on your account are associated.
So you set this up for a couple dozen different sites, one of them gets compromised, now you can’t tell which number is the one you have to shut down. When you call in about the fraud, they issue you a new physical card (and number), the virtual numbers all get remapped to the new physical card number, but the fraudulent charges keep rolling in until you find the right virtual number to remove through process of elimination. On Reddit there were several threads that even the fraud customer service reps weren’t able to assist with identifying which virtual number the charges were coming in on.
I have Eno setup on 60+ sites. Say Amazon charges $50 on my account that is fraudulent.
I cancel that number and begin a new Amazon c.c. number. Whenever there is a charge it
shows the merchant, so I would know where the fraud is coming from.
To reduce this further, I put all my numbers on hold until i use them (except for 5-6
monthly repeating charges (Netflix, and others).
-
- Posts: 2843
- Joined: Wed Feb 12, 2014 9:58 pm
Re: Capital One Eno
Back in the day Orbiscom, an Irish company now owned by MasterCard, had a current patent for virtual credit card numbers. Discover and Bank of America displayed the Orbiscom O logo. American Express private payments did not. I suspected that AmEx shut it down in 2004 to avoid a patent issue.JAZZISCOOL wrote: ↑Wed Oct 09, 2019 9:40 pmThanks for posting this. I've only used ENO once so far but good to know for the future! Maybe that is why the other cards like AMEX have stopped issuing virtual #'s possibly.SpaethCo wrote: ↑Wed Oct 09, 2019 9:29 pm The biggest issue with Eno - they don’t show you the virtual card with which the charges on your account are associated.
So you set this up for a couple dozen different sites, one of them gets compromised, now you can’t tell which number is the one you have to shut down. When you call in about the fraud, they issue you a new physical card (and number), the virtual numbers all get remapped to the new physical card number, but the fraudulent charges keep rolling in until you find the right virtual number to remove through process of elimination. On Reddit there were several threads that even the fraud customer service reps weren’t able to assist with identifying which virtual number the charges were coming in on.
I suspect Discover shut down their virtual numbers a few years ago to avoid paying the license fees to a now competitor, and Bank of America shut theirs (ShopSafe) down last month to avoid a costly overhaul to remove Flash. This is all speculation, but there is some logic behind it.
UPDATE: A wikipedia article suggests that MasterCard/Orbiscom stopped licensing the technology to Discover, which is why Discover's Secure Virtual Number service by Orbiscom shut down in 2014 when their agreement expired.
Last edited by criticalmass on Thu Oct 10, 2019 6:42 am, edited 1 time in total.
- JAZZISCOOL
- Posts: 2658
- Joined: Sat May 18, 2019 11:49 am
- Location: Colorado - 5,700 ft.
Re: Capital One Eno
This is interesting! I had no idea they went back so far and were patented, etc. I am all for any new technology or method to prevent all of the CC fraud out there.criticalmass wrote: ↑Wed Oct 09, 2019 9:52 pmBack in the day Orbiscom, an Irish company now owned by MasterCard, had a current patent for virtual credit card numbers. Discover and Bank of America displayed the Orbiscom O logo. American Express private payments did not. I suspected that AmEx shut it down in 2004 to avoid a patent issue.JAZZISCOOL wrote: ↑Wed Oct 09, 2019 9:40 pmThanks for posting this. I've only used ENO once so far but good to know for the future! Maybe that is why the other cards like AMEX have stopped issuing virtual #'s possibly.SpaethCo wrote: ↑Wed Oct 09, 2019 9:29 pm The biggest issue with Eno - they don’t show you the virtual card with which the charges on your account are associated.
So you set this up for a couple dozen different sites, one of them gets compromised, now you can’t tell which number is the one you have to shut down. When you call in about the fraud, they issue you a new physical card (and number), the virtual numbers all get remapped to the new physical card number, but the fraudulent charges keep rolling in until you find the right virtual number to remove through process of elimination. On Reddit there were several threads that even the fraud customer service reps weren’t able to assist with identifying which virtual number the charges were coming in on.
I suspect Discover shut down their virtual numbers a few years ago to avoid paying the license fees to a now competitor, and Bank of America shut theirs (ShopSafe) down last month to avoid a costly overhaul to remove Flash. This is all speculation, but there is some logic behind it.
Re: Capital One Eno
The browser extension matches URL to a number that has been generated, but when I looked at this in Jan/Feb there was nothing on Capital One's system that restricted a virtual card to a specific merchant.
I was able to generate a number and have successful transactions for at least 3 different merchants (My trash collection company, Amazon, and Paypal) on a single virtual number.
Re: Capital One Eno
Before I go to any of the sites I have an ENO #; I first log into ENO.
Then when I go to the site it selects the correct one when it comes time
to fill in the C.C. # and date. If it is a new site, it creates a new number
and name. I always know which virtual number is used for each account.
Here is an example of what it looks like:
XXXXDollar.com
Use at this merchant
•••• •••• •••• XXXX
Exp: 06/24
Security Code: XXX
Linked to my Venture Card XXX4
Where there are real numbers I put in X's.
This can ONLY be used at XXXXDollar.com
Anywhere else it will not be used.
Since, I only spend there every few months,
it is mostly in the off position; which renders the
number useless to anyone else.
Then when I go to the site it selects the correct one when it comes time
to fill in the C.C. # and date. If it is a new site, it creates a new number
and name. I always know which virtual number is used for each account.
Here is an example of what it looks like:
XXXXDollar.com
Use at this merchant
•••• •••• •••• XXXX
Exp: 06/24
Security Code: XXX
Linked to my Venture Card XXX4
Where there are real numbers I put in X's.
This can ONLY be used at XXXXDollar.com
Anywhere else it will not be used.
Since, I only spend there every few months,
it is mostly in the off position; which renders the
number useless to anyone else.
Re: Capital One Eno
Disabling the number is the key security feature that is benefiting you here, and in that use case it seems to be a good fit. If you left the virtual numbers enabled, they are NOT locked to a specific merchant.
There was just another thread on reddit about this today: https://reddit.com/r/CreditCards/commen ... tless_but/
Basically if someone compromises a site that you used a virtual number on, if the number is unlocked they can use that number at any other site that takes credit cards. There is no merchant matching lock implemented at the current time, and making matters worse the Capital One CSRs aren’t fully up to speed on how the system is implemented.
Re: Capital One Eno
SpaethCo wrote: ↑Fri Oct 11, 2019 6:20 pmDisabling the number is the key security feature that is benefiting you here, and in that use case it seems to be a good fit. If you left the virtual numbers enabled, they are NOT locked to a specific merchant.
There was just another thread on reddit about this today: https://reddit.com/r/CreditCards/commen ... tless_but/
Basically if someone compromises a site that you used a virtual number on, if the number is unlocked they can use that number at any other site that takes credit cards. There is no merchant matching lock implemented at the current time, and making matters worse the Capital One CSRs aren’t fully up to speed on how the system is implemented.
This is beyond disturbing - so the only useful ones are the ones I disable regularly.SpaethCo wrote: ↑Fri Oct 11, 2019 6:20 pmDisabling the number is the key security feature that is benefiting you here, and in that use case it seems to be a good fit. If you left the virtual numbers enabled, they are NOT locked to a specific merchant.
There was just another thread on reddit about this today: https://reddit.com/r/CreditCards/commen ... tless_but/
Basically if someone compromises a site that you used a virtual number on, if the number is unlocked they can use that number at any other site that takes credit cards. There is no merchant matching lock implemented at the current time, and making matters worse the Capital One CSRs aren’t fully up to speed on how the system is implemented.
That is 55 out of 62 so the other 7 I will change to my regular c.c. number. So it will still be useful, but this is a MAJOR strategic security blunder that can make you LESS secure.
I am on vacation for awhile, but #1 when I return is to change all my monthlies back to my regular c.c. number. Thank you for the heads up -- this s*cks for them to be so moronic in their implementation. For the majority of my c.c.#'s it is still useful.
Re: Capital One Eno
+1 I really thought that the numbers were locked to the initial merchant. That is certainly implied by the presentation. I appreciate the correction.Rob5TCP wrote: ↑Sat Oct 12, 2019 11:33 am This is beyond disturbing - so the only useful ones are the ones I disable regularly.
That is 55 out of 62 so the other 7 I will change to my regular c.c. number. So it will still be useful, but this is a MAJOR strategic security blunder that can make you LESS secure.
I am on vacation for awhile, but #1 when I return is to change all my monthlies back to my regular c.c. number. Thank you for the heads up -- this s*cks for them to be so moronic in their implementation. For the majority of my c.c.#'s it is still useful.
I checked, and I only have 12 active Eno numbers. 8 of them were already locked. But I have 4 of them unlocked: for a nonprofit I contribute to regularly, my water bill, my domain name registrar, and my paid secure email and VPN provider. Those four should be secure, but I will change them to my regular number. The domain name registrar and email/VPN provider are on recurring subscriptions, but the subscriptions are easy to control, so I don't really need the protection of using a disabled number.
Re: Capital One Eno
Ina bit of irony, my c.c. was just compromised while I am on vacation.
They did use my main # so that is better than figuring out which ENO # was (if that is even possible).
But it is not great to be down to 1 c.c. while on vacation
They did use my main # so that is better than figuring out which ENO # was (if that is even possible).
But it is not great to be down to 1 c.c. while on vacation
Re: Capital One Eno
20 years ago when there was unauthorized use of a credit card you'd have to fill out forms, have them notarized, mail them in, and then wait for the outcome.criticalmass wrote: ↑Tue Oct 08, 2019 6:49 amIt's certainly not mandatory. But it is MUCH less hassle than dealing with fraud or overzealous autorenewals (e.g. Sirius) with your credit card. It's a very nice option to have, and sets Capital One apart, especially when Amex, Discover, and Bank of America have terminated similar programs. Citi and Capital One are the only major usa issuers left with virtual numbers, and Capital One's implementation is quite easy to use.
These days it's a phone call that takes just a few minutes. In the past 20 years I've had maybe three incidents of fraud across all of my cards combined. I'm not counting the time my wallet was stolen because it's N/A for this discussion.
To me, it's not worth spending my time routinely generating disposable credit card numbers when the ultimate risk isn't mine, since it will cost me more time now than one short phone call every 6 or 7 years (on average).
I'm sure someone has a data point of a person who lost a legitimate dispute, but the risk is extremely remote.
Also, I've subscribed to Sirius for most of the past 15 years, and they've never charged me at a time (or in an amount) I didn't contractually authorize, or verbally authorize on the phone with their retention department (which is how renewals should be handled anyway). M apparently Vs on this.
-
- Posts: 2843
- Joined: Wed Feb 12, 2014 9:58 pm
Re: Capital One Eno
There’s no obligation. I’ve found virtual numbers to be extremely useful and have saved me time with auto renewals and questionable merchant practices. The time spent creating and disposing numbers is less than posting a message here.Trism wrote: ↑Thu Oct 17, 2019 4:41 am20 years ago when there was unauthorized use of a credit card you'd have to fill out forms, have them notarized, mail them in, and then wait for the outcome.criticalmass wrote: ↑Tue Oct 08, 2019 6:49 amIt's certainly not mandatory. But it is MUCH less hassle than dealing with fraud or overzealous autorenewals (e.g. Sirius) with your credit card. It's a very nice option to have, and sets Capital One apart, especially when Amex, Discover, and Bank of America have terminated similar programs. Citi and Capital One are the only major usa issuers left with virtual numbers, and Capital One's implementation is quite easy to use.
These days it's a phone call that takes just a few minutes. In the past 20 years I've had maybe three incidents of fraud across all of my cards combined. I'm not counting the time my wallet was stolen because it's N/A for this discussion.
To me, it's not worth spending my time routinely generating disposable credit card numbers when the ultimate risk isn't mine, since it will cost me more time now than one short phone call every 6 or 7 years (on average).
I'm sure someone has a data point of a person who lost a legitimate dispute, but the risk is extremely remote.
Also, I've subscribed to Sirius for most of the past 15 years, and they've never charged me at a time (or in an amount) I didn't contractually authorize, or verbally authorize on the phone with their retention department (which is how renewals should be handled anyway). M apparently Vs on this.
Re: Capital One Eno
A few minutes ago, I was at a subscription payment screen in Safari on my Mac, and I decided I want to use a number I could turn off. The Eno extension isn't available for the Safari browser, so I opened Brave and used the Eno extension to create a number. The Brave browser window was open to gmail, so Eno said that the number was to be used on google.com. But given the information in this thread, I figured it didn't matter.
But the number was repeatedly rejected by the subscription site. I had to reopen the subscription site in Brave, create a new Eno number for that site, and finalize the subscription.
So are Eno numbers merchant-locked? It certainly appeared so tonight.
But the number was repeatedly rejected by the subscription site. I had to reopen the subscription site in Brave, create a new Eno number for that site, and finalize the subscription.
So are Eno numbers merchant-locked? It certainly appeared so tonight.
-
- Posts: 10843
- Joined: Thu Oct 15, 2015 3:53 pm
Re: Capital One Eno
I didn't like that it was only automated and only worked with certain sites. I deleted it. It is sites I haven't heard of and don't trust that I want a virtual number for. I wanted to generate a number and use it on any site.
Re: Capital One Eno
I'm aware that this post is Capital One related, however I've read a lot of replies from Citi users and their related Virtual Account Number service. I've downloaded the software app onto my desktop PC only to find it requires Adobe Flash player to run.
Adobe Flash is widely known for having security issues and is not recommended to be utilized on a PC or browser.
Why would someone use this knowing of potential risk ?
Adobe Flash is widely known for having security issues and is not recommended to be utilized on a PC or browser.
Why would someone use this knowing of potential risk ?
-
- Posts: 2843
- Joined: Wed Feb 12, 2014 9:58 pm
Re: Capital One Eno
Lots of things are known for having security issues (windows for example). You have to make the reward/risk call. If you use flash (or windows), best you can do is keep it updated and only go to trustworthy sites. Also only enable flash when/where you want to use it.bhjjk19 wrote: ↑Sun Oct 27, 2019 1:53 pm I'm aware that this post is Capital One related, however I've read a lot of replies from Citi users and their related Virtual Account Number service. I've downloaded the software app onto my desktop PC only to find it requires Adobe Flash player to run.
Adobe Flash is widely known for having security issues and is not recommended to be utilized on a PC or browser.
Why would someone use this knowing of potential risk ?
Adobe flash has updates every 10 hours or so, so it keeps you busy updating.
Adobe is phasing out Flash (it's a very long goodbye) so this will be moot someday.
Why does Citibank use flash? Probably was a decision made years ago when flash was state of the art.
Bank of America solved the flash virtual number issue by discontinuing virtual numbers. Maybe Citibank will solve it too.
Re: Capital One Eno
Thanks for your feedback.